CVE-2024-4395 – Lack of Client Validation in Jamf Compliance Editor's Helper Service May Result in Privilege Escalation

https://notcve.org/view.php?id=CVE-2024-4395

The XPC service within the audit functionality of Jamf Compliance Editor before version 1.3.1 on macOS can lead to local privilege escalation. El servicio XPC dentro de la funcionalidad de auditoría de Jamf Compliance Editor anterior a la versión 1.3.1 en macOS puede provocar una escalada de privilegios locales. • https://github.com/Jamf-Concepts/jamf-compliance-editor/raw/v1.3.1/Jamf%20Compliance%20Editor%20-%20User%20Guide.pdf https://github.com/Jamf-Concepts/jamf-compliance-editor/releases/download/v1.3.1/JamfComplianceEditor.v1.3.1.pkg https://khronokernel.com/macos/2024/05/01/CVE-2024-4395.html https://trusted.jamf.com/docs/establishing-compliance-baselines#support • CWE-269: Improper Privilege Management •